Explicitly set 'http_only' to true

author shibayashi <shibayashi@cypherpunk.observer>

Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)

committer shibayashi <shibayashi@cypherpunk.observer>

Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)
author shibayashi <shibayashi@cypherpunk.observer>
Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)
committer shibayashi <shibayashi@cypherpunk.observer>
Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex

index 17f6b9bb61bd30d4a1befa7cee807e006b267019..6e60c90173a041e3459d748c2be8fdb6fb8dbc8f 100644 (file)
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do
      store: :cookie,
      key: "_pleroma_key",
      signing_salt: "CqaoopA2",
+    http_only: true,
      secure:
        Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
      extra: "SameSite=Strict"
author	shibayashi <shibayashi@cypherpunk.observer>
	Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)
committer	shibayashi <shibayashi@cypherpunk.observer>
	Tue, 28 Aug 2018 20:34:31 +0000 (22:34 +0200)